[oe-commits] [openembedded-core] 49/57: cve-check: short-circuit checking if CVE_PRODUCT isn't set

[git at git.openembedded.org]

This is an automated email from the git hooks/post-receive script.

rpurdie pushed a commit to branch master-next
in repository openembedded-core.

commit d89e2c0e9477a1dfeb4c33ea2aa060e8876dae62
Author: Ross Burton <ross.burton at intel.com>
AuthorDate: Fri Feb 9 12:43:17 2018 +0000

    cve-check: short-circuit checking if CVE_PRODUCT isn't set
    
    For some recipes is is meaningless to do a CVE check, for example packagegroups
    or images.  Check that CVE_PRODUCT is set and short-circuit the scan if it
    isn't.
    
    Signed-off-by: Ross Burton <ross.burton at intel.com>
---
 meta/classes/cve-check.bbclass | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/meta/classes/cve-check.bbclass b/meta/classes/cve-check.bbclass
index 061e883..d8087dd 100644
--- a/meta/classes/cve-check.bbclass
+++ b/meta/classes/cve-check.bbclass
@@ -169,6 +169,9 @@ def check_cves(d, patched_cves):
     cves_patched = []
     cves_unpatched = []
     bpn = d.getVar("CVE_PRODUCT")
+    # If this has been unset then we're not scanning for CVEs here (for example, image recipes)
+    if not bpn:
+        return ([], [])
     pv = d.getVar("CVE_VERSION").split("+git")[0]
     cves = " ".join(patched_cves)
     cve_db_dir = d.getVar("CVE_CHECK_DB_DIR")

-- 
To stop receiving notification emails like this one, please contact
the administrator of this repository.